Managing Users

How to add users and assign permissions to your users

During the set up of Facets Control, an admin role would have been assigned to you. In this Section, you will learn how to add your developers to Facets Control Plane.

Adding Users Manually

You can add users manually if you have Admin Credentials.

Click on the Settings Icon and click on Users.

Users Button in Settings (Click on the image to expand)

Users Button in Settings (Click on the image to expand)

Click on Create User and fill in the details as required.

Creating a user manually (Click on the image to expand)

Creating a user manually (Click on the image to expand)


Role Based Access Control helps you in assigning roles to users.

Base Roles


Permissions associated with each role is now listed as a tooltip in the Create User screen.

You can also refer to Granular Permissions section for a description of all permissions.

Base RoleRoles
ADMINAll pages, buttons and actions are accessible to the ADMIN role, including those in the DEVELOPER and VIEWER roles.
DEVELOPERThe following actions are available for DEVELOPER role in the listed screens:
• Environments screen: Pause/Resume Releases
• Secrets and Variables screen: Edit an Entry and Submit Changes.
• Releases screen: Configure Release and Selective Release, Schedule Release and Unlock State.
• Overrides screen: Add and Delete Override.
• Backup screen: Create Snapshots.
• Provided Resources screen: Update Resources.
• Template Inputs screen: Create New Tenants and Edit Tenants.
• Alerts Centre screen: Silence Alert
• All the access privileges of VIEWER role.
VIEWER• Environments screen: Sync with Git
• Environment Overview screen: Renew and Download K8s credentials and Sync with Git
• Backup screen: List Snapshots
GUESTUsually gets assigned for a new user by default. Useful for Admin to filter and assign a role later.
CLUSTER_ADMINPerform Releases

Additional Roles


Any Base Role can be assigned Additional Roles that give access to specific actions in Facets.

Additional RolesRoles
K8S_READERCan download K8s credentials and do readonly operations
K8S_DEBUGGERCan download K8s credentials and do write operations on K8s
CLI_ARTIFACT_PUSHCan push artifacts using CLI

Granular Permissions for RBAC roles

RBAC roles defined in Facets have a list of associated permissions that grant the user privileges to perform certain actions as listed in Base Roles table. You can find a comprehensive list of permissions listed below.

ALERTS_CONFIGUREGrants permission to configure alerts.
APPLICATION_ROLLING_RESTARTGrants permission to initiate a rolling restart for an application.
ARTIFACTORY_WRITEGrants permissions to create and edit artifactories.
ARTIFACTS_DELETEGrants permissions to delete artifacts.
ARTIFACTS_WRITEGrants Write permissions for actions related to artifacts.
CHANNEL_WRITEGrants permission to create and edit channels.
ENVIRONMENT_CONFIGUREGrants permission to configure environments.
ENVIRONMENT_DELETEGrants permission to delete environments.
ENVIRONMENT_DESTROYGrants permission to destroy environments.
ENVIRONMENT_LAUNCHGrants permission to launch environments.
ENVIRONMENT_WRITEGrants permission to create, edit and configure environments.
OAUTH_INTEGRATION_DELETEGrants permission to delete OAuth integration.
OAUTH_INTEGRATION_WRITEGrants permission to add and edit OAuth integration.
STACK_CONFIGUREGrants permission to pause and unpause releases in an environment.
STACK_WRITEGrants permission to add and edit blueprints.
SUBSCRIPTION_DELETEGrants permission to delete subscriptions.
SUBSCRIPTION_WRITEGrants permission to create and edit subscriptions.
TEMPLATE_WRITEGrants permission to create and edit tenants.
USER_WRITEGrants permission to create and edit user and also edit passwords.

Google OAuth Integration

If you are using google workspace for your team logins, Facets can use the same login mechanism to give your users an instant access.

☝️ Create an Oauth Client ID in your google console

Please refer to the google docs below

Variable NameValue
Application TypeWeb Application
NameAny name indicating the name of the Oauth 2.0 client
Authorized Redirect URIs


This unique registration ID will be used later in the Facets UI to onboard the integration. We suggest it to be a single word all lower case.

✌️ Add the integration in Facets

Click on the "Oauth Integrations" and choose "Add new Google Integration".

Fill in the values as below

Variable NameValue
Registration Id given in redirect URI
Client IdFrom Google Console
Client SecretFrom Google Console
Login Button TextText that will appear in the CP Login screen. For e.g.


Logout to see this new button on the login screen. Any new user by default will receive a GUEST role until an ADMIN assign her to a desired Role